{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30252", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-03T14:40:38.853Z", "dateReserved": "2026-03-04T00:00:00.000Z", "datePublished": "2026-04-02T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-02T20:33:46.851Z"}, "descriptions": [{"lang": "en", "value": "Multiple reflected cross-site scripting (XSS) vulnerabilities in the login.php endpoint of Interzen Consulting S.r.l ZenShare Suite v17.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via a crafted URL injected into the codice_azienda and red_url parameters."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/skit-cyber-security/ZenShare-Suite"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-03T14:40:08.376376Z", "id": "CVE-2026-30252", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T14:40:38.853Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-30252", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-03T14:40:08.376376Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-03T14:40:31.434Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/skit-cyber-security/ZenShare-Suite"}], "descriptions": [{"lang": "en", "value": "Multiple reflected cross-site scripting (XSS) vulnerabilities in the login.php endpoint of Interzen Consulting S.r.l ZenShare Suite v17.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via a crafted URL injected into the codice_azienda and red_url parameters."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-02T20:33:46.851Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30252", "state": "PUBLISHED", "dateUpdated": "2026-04-03T14:40:38.853Z", "dateReserved": "2026-03-04T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-02T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:interzen:zencrm:17.0:*:*:*:*:*:*:*", "matchCriteriaId": "AF358C58-BDBB-49B1-A369-A68B23CCDF64", "vulnerable": true}, {"criteria": "cpe:2.3:a:interzen:zenhr:17.0:*:*:*:*:*:*:*", "matchCriteriaId": "6B7C5D87-0DD7-49D4-8449-C13960981A2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:interzen:zenproject:17.0:*:*:*:*:*:*:*", "matchCriteriaId": "151F4DBD-F656-435A-9352-9DE978766533", "vulnerable": true}, {"criteria": "cpe:2.3:a:interzen:zenpurchase:17.0:*:*:*:*:*:*:*", "matchCriteriaId": "D976EEE6-1493-471B-B60B-AF06827B337C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple reflected cross-site scripting (XSS) vulnerabilities in the login.php endpoint of Interzen Consulting S.r.l ZenShare Suite v17.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via a crafted URL injected into the codice_azienda and red_url parameters."}], "id": "CVE-2026-30252", "lastModified": "2026-04-10T15:50:06.950", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-02T21:16:40.490", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://github.com/skit-cyber-security/ZenShare-Suite"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "17.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "zenshare_suite", "vendor": "interzen_consulting"}], "analysis": {"en": {"generated_at": "2026-04-10T17:55:58.804221+00:00", "value": {"mitigation_remediation": ["Upgrade Interzen ZenShare Suite to a patched version (e.g., 17.1 or later) that resolves the XSS flaw.", "If a patch is unavailable, sanitize or encode the codice_azienda and red_url parameters before rendering them back to the user.", "Implement a Content Security Policy header to restrict script execution from untrusted sources.", "Validate user input server\u2011side to reject malformed or malicious values for the affected parameters."], "summary": {"action": "Immediate Patch", "impact": "Client\u2011side script execution via browser"}, "threat_synthesis": {"affected_systems": "Interzen Consulting\u2019s ZenShare Suite includes multiple applications: ZenCRM, ZenHR, ZenProject, and ZenPurchase, all running version 17.0. The login.php endpoint present in each product is affected, meaning that any user interacting with any of these applications via the login page is vulnerable.", "description_and_impact": "Multiple reflected Cross\u2013Site Scripting vulnerabilities exist in the login.php endpoint of Interzen Consulting S.r.l ZenShare Suite 17.0, allowing attackers to inject malicious JavaScript via the codice_azienda and red_url parameters. This flaw permits arbitrary script execution in a victim's browser, which can lead to session hijacking, credential theft, defacement, or redirect to malicious sites. The vulnerability is classified as CWE-79 and can compromise the confidentiality, integrity, and availability of information from the end users perspective.", "risk_and_exploitability": "The CVSS base score of 6.1 indicates a moderate risk. The EPSS score of less than 1% suggests a low likelihood of current exploits, and the vulnerability is not listed in CISA\u2019s KEV catalog. Despite the low exploitation probability, the attack vector is remote and trivial because an attacker only needs to supply a crafted URL. By directing a user to a malicious link containing payloads in the codice_azienda or red_url parameters, the attacker can execute JavaScript in the browser context. Once the script runs, it can exfiltrate session cookies or perform actions on behalf of the user."}}}}, "created": "2026-04-03T08:58:17.612480+00:00", "title": "Reflected Cross\u2011Site Scripting in Interzen ZenShare Suite 17.0 Login Endpoint", "updated": "2026-04-13T14:28:06.981176+00:00", "vendors": ["interzen_consulting", "interzen_consulting$PRODUCT$zenshare_suite"]}